AAL2GenVerifySignatureEsCmd
  • 22 Jan 2025

Function prototype

aat_int32 AAL2GenVerifySignatureEsCmd(
                                     aat_byte*      Cmd,
                                     aat_int32*     CmdSize,
                                     TDigipassBlob* DPData,
                                     TKernelParms*  CallParms,
                                     aat_ascii*     aStorageKeyNameIn,
                                     aat_ascii*     aIVIn,
                                     aat_ascii*     aSignatureIn,
                                     aat_ascii*     aSignedDataFieldsIn[8],
                                     aat_int32      FieldCountIn,
                                     aat_int32      DeferredSignatureDataIn,
                                     aat_ascii*     aServerPublicKey);

Description

This function extends AAL2GenVerifySignatureCmd with the enhanced security feature. This feature prevents potential man-in-the-middle attacks in architectures that integrate software Digipass authenticators. A server public key, such as a certificate, can be supplied as input to diversify the challenge.

In addition, this function introduces pre-processing of the input DataFields; each DataField can have up to 32000 characters.

The signature validation with enhanced security on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software e-Signature Validation Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.

This function must be used with the post-HSM API AAL2ProcVerifySignatureEsRpl.

Parameters

  Table: Parameters (AAL2GenVerifySignatureEsCmd)
Type | Name | Use | Description

aat_byte * | Cmd | O | Up to 1539 bytes that serialize the VERIFY SIGNATURE command type and the input data to the verify signature function on the HSM:

  • Command type - 2 bytes
  • Digipass data block - 192 bytes
  • Runtime parameters - 80 bytes
  • StorageKeyName - up to 128 characters
  • InitialVector - 8 bytes
  • Signature - up to 41 characters
  • Formatted signed data fields - 16 characters
  • Field count - 4 bytes
  • Deferred signature data - 4 bytes
  • Host time - 4 bytes

Plus 36 bytes for Authentication Suite Server SDK internal use.

aat_int32 * | CmdSize | I/O | On entry, this parameter contains the size of the Cmd buffer. On exit, this parameter contains the length of the Cmd message.

TDigipassBlob * | DPData | I | Digipass description data block.

TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call.

aat_ascii * | aStorageKeyNameIn | I | String of up to 128+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the HSM storage key used to encrypt the sensitive Digipass application BLOB data.

aat_ascii * | aIVIn | I | String of 16 hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the initial vector used to encrypt the sensitive authenticator application BLOB data.

aat_ascii * | aSignatureIn | I | String of up to 17+24 numeric or hexadecimal characters, null-terminated or padded with spaces.

aat_ascii * | aSignedDataFieldsIn | I | Array of 8 null-terminated strings of up to 32000 printable ASCII-EBCDIC invariant characters. This parameter holds the 8 possible data fields that are used to generate a signature.

For a list of the characters that can be used for the data fields, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide, Section "Supported data fields charset".

aat_int32 | FieldCount | I | Numeric value from 1 to 8 indicating the number of data fields to use from the aSignedDataFieldsIn array.

aat_int32 | DeferredSignatureData | I |
  • Must be 0 if the signature is validated in online mode (OnlineSG=1 or 2).
  • If the signature is validated in offline mode with OnlineSG=0, this parameter can receive the Digipass date of the signature generation (number of elapsed seconds since January 1, 1970) or 0. (With 0, the current time is used.)

    If this parameter is greater than 0, the value supplied must be the Digipass time, not the host time.

  • If the signature is validated in offline mode with OnlineSG=3, this parameter must receive the counter of the Digipass instance used for the signature generation.

aat_ascii * | aServerPublicKey | I | String of up to 1024 hexadecimal characters, null-terminated. This parameter is used as a diversifier to prevent man-in-the-middle attacks. If this parameter is NULL, diversification will not take place.
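
The limits in the parameter table can be enforced on caller-supplied strings before the command is built, including a refusal to run without a diversifier. The following C pre-check is an added example, not part of the SDK or of the original page: es_precheck, checked_len and the ES_* codes are hypothetical names, and it does not call the SDK. It assumes the null-terminated form of each string (not the space-padded form) and checks data fields for printable ASCII only; the exact supported charset is in the Programmer's Guide.

```c
#include <ctype.h>
#include <stddef.h>

/* Result codes of this added pre-check (hypothetical, NOT SDK return codes). */
enum es_check { ES_OK, ES_BAD_KEYNAME, ES_BAD_IV, ES_BAD_SIGNATURE,
                ES_BAD_FIELD_COUNT, ES_BAD_FIELD, ES_NO_DIVERSIFIER, ES_BAD_PUBKEY };

/* Length of s when it is non-NULL, at most max characters long and every
   character satisfies ok(); -1 otherwise. Reads at most max + 1 bytes. */
static long checked_len(const char *s, size_t max, int (*ok)(int)) {
    size_t n = 0;
    if (s == NULL) return -1;
    for (; s[n] != '\0'; n++)
        if (n >= max || !ok((unsigned char)s[n])) return -1;
    return (long)n;
}

/* Checks the string inputs against the limits in the parameter table.
   Assumes null-terminated strings; rejecting empty strings is this
   example's own choice. */
enum es_check es_precheck(const char *key_name, const char *iv, const char *sig,
                          const char *const fields[], int field_count,
                          const char *server_pubkey) {
    if (checked_len(key_name, 128, isprint) < 1) return ES_BAD_KEYNAME;
    if (checked_len(iv, 16, isxdigit) != 16) return ES_BAD_IV;
    if (checked_len(sig, 41, isxdigit) < 1) return ES_BAD_SIGNATURE; /* 17+24 */
    if (fields == NULL || field_count < 1 || field_count > 8)
        return ES_BAD_FIELD_COUNT;
    for (int i = 0; i < field_count; i++)  /* printable ASCII only checked here */
        if (checked_len(fields[i], 32000, isprint) < 0) return ES_BAD_FIELD;
    /* NULL is accepted by the function but switches diversification off,
       so this wrapper treats it as an error instead of passing it through. */
    if (server_pubkey == NULL) return ES_NO_DIVERSIFIER;
    if (checked_len(server_pubkey, 1024, isxdigit) < 1) return ES_BAD_PUBKEY;
    return ES_OK;
}

int main(void) {
    /* Constructed sample values, not real key material. */
    const char *const fields[8] = { "CONSTRUCTED-ACCOUNT-0001", "150.00" };
    return es_precheck("STORAGE_KEY_1", "0123456789ABCDEF", "12345678",
                       fields, 2, "0A1B2C3D") == ES_OK ? 0 : 1;
}
```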

Return codes

  Table: Return codes (AAL2GenVerifySignatureEsCmd)
Code | Meaning
0 | Success
139 | Invalid signature pointer
141 | Invalid field count
148 | Invalid data field pointer
207 | Deferred signature not allowed with OnLineSG not Null
412 | Invalid checksum (software)
413 | Invalid Base64 format
510 | Invalid Digipass data pointer
590 | Invalid command pointer
706 | Invalid data buffer pointer
1018 | Invalid TLV item pointer
1025 | Data buffer too small
